Hello, welcome to the Monday, April 25th, 2020 edition of the Sansonet Storms and StormCast. My name is Johannes Ulrich and I'm recording from Jacksonville, Florida.

Got two interesting diaries this weekend, first one by DDA, looking at a fishing word document that for a change did not

contain any macros the DA walks you through how to use his famous tools in order to

first identify that there are no macros and then secondly identify the fishing URL embedded in the document. The big advantage here

is these are all simple, fast command line tools, so running them takes literally no time, and

of course, no danger here of actually opening a malicious document Word to figure out what it is doing.

So for anybody here having to analyze a lot of Word documents, you've got a quick step-by-step

plan here on how to deal with those documents.

And do you own a streaming device?

Well, probably everybody has some kind of Rokuplex, Apple TV order like.

Guy took a look at various scans looking for Roku devices and attempting to either get to confidential information or to look for

exposed and vulnerable devices that could potentially be exploited. These devices should

obviously never be exposed to the internet and here I said it yet again. The problem here is often that NetHacker essentially just wants to use your subscriptions

in order to watch TV shows, and of course, with various streaming services, clamping down

on sharing of passwords. It may find you locked out of various

services yourself.

Well, while we're still waiting for the Microsoft RPC vulnerability to actually be exploited,

we do have for you now even more proof of consulate exploits for CVE

2022, 21-449. This is the elliptic curve DSA, a signature of vulnerability that I talked

about last week. And well, on Friday, I mentioned that there is a proof of concept

exploit that impersonated a web server. We now also have a proof of concept exploit that

shows how this vulnerability can be used to fake JWT token of signatures.

...